1. DFAS Home
  2. myPay Release Information
  3. Stronger Password Requirement


The FBI reports that Internet crime continues to rise. Today’s lifestyles include a growing online component to keep in touch with friends and family, purchase retail goods and manage our financial, medical and personal business.

BACKGROUND: Why does myPay require stronger passwords?
With the Spring 2013 release, myPay will be updating its system password requirements to come in line with DoD security rules. This means all users who access myPay with their login ID and password must create a new password using the following rules:
  • Must be 15 to 30 characters in length
  • Contain at least two UPPERCASE letters
  • Contain at least two lowercase letters
  • Contain at least two numbers (0-9)
  • Contain at least two of the following special characters:
    • # (pound or number sign)]
    • @ (at sign)
    • $ (dollar sign)
    • = (equal sign)
    • + (plus sign)
    • % (percent sign)
    • ^ (caret)
    • ! (exclamation)
    • * (asterisk)
    • _ (underline/underscore)
  • Must NOT include any spaces
Additionally, passwords will now expire every 60 days. This will require users to change their passwords. Each updated password must change at least four characters from the previous password.  It also must not be one of your last 10 passwords.

(Check out our Tips & Tricks page on getting your new password up and running!)

About 10 days before your password expires, you will receive an email advising you to update your password to avoid delays logging into myPay. Make sure the email address recorded in your myPay profile is current to ensure you receive these important notices.

KEEP IT SAFE! When you create your new password or update it in the future, its security depends on you. Whether you rely on your memory, writing down passwords on paper or creating a computer file, it’s vital that your passwords are never exposed to others.

If you must write down your password on a piece of paper, make sure it stays locked up in a secure place. If you save it to your computer, flash drive or other media device, make sure the document is encrypted and/or password protected.

Want to learn more about keeping your online accounts safe? Our Security section has actions you should take to help protect your personal information from scams and identity theft.


If you log into myPay using your DoD Common Access Card (CAC) or Personal Identity Verification (PIV) Card, you will not be required to provide your password in order to review and manage your account online unless you are new to myPay and logging in for the first time. All users are required to register a login ID and password even if you use a smartcard.


myPay currently serves more than 6 million military members, federal civilian employees and military retirees. Beginning in May, myPay users will be divided into seven groups  to update their passwords. This process will continue until September when the last group converts to the new requirements.

When your group is due  to change the  password to the new format, you will receive an email  plus an onscreen notice to update your password when you login to myPay.


If you provide authorization for a trusted family member, friend or associate to access your pay information without the ability to make changes,  they will be required to change the password every 60 days also. The same rules apply to the limited access password as your primary access password and they will be prompted by screen displays when the password change is necessary.

And remember, you always have control over who has limited access to your myPay account.

Page updated June 6, 2013